Steven Jones wrote:
access log,

[22/Sep/2010:14:22:39 +1200] conn=48 fd=65 slot=65 connection from 127.0.0.1 to 
127.0.0.1
[22/Sep/2010:14:22:39 +1200] conn=48 op=0 BIND dn="" method=128 version=3
[22/Sep/2010:14:22:39 +1200] conn=48 op=0 RESULT err=0 tag=97 nentries=0 etime=0 
dn=""
[22/Sep/2010:14:22:39 +1200] conn=48 op=1 SRCH base="dc=vuw,dc=ac,dc=nz" scope=2 
filter="(&(cn=pulse-rt)(objectClass=posixGroup))" attrs="objectClass cn userPassword gidNumber 
member nsUniqueId modifyTimestamp"
[22/Sep/2010:14:22:39 +1200] conn=48 op=1 RESULT err=0 tag=101 nentries=0 
etime=0
[22/Sep/2010:14:23:57 +1200] conn=49 fd=66 slot=66 SSL connection from 
130.195.53.104 to 130.195.53.104
[22/Sep/2010:14:23:57 +1200] conn=49 SSL 256-bit AES
[22/Sep/2010:14:23:57 +1200] conn=49 op=0 BIND dn="cn=directory manager" 
method=128 version=3
[22/Sep/2010:14:23:57 +1200] conn=49 op=0 RESULT err=49 tag=97 nentries=0 
etime=0
[22/Sep/2010:14:23:57 +1200] conn=49 op=1 UNBIND
[22/Sep/2010:14:23:57 +1200] conn=49 op=1 fd=66 closed - U1
[22/Sep/2010:14:24:02 +1200] conn=50 fd=66 slot=66 SSL connection from 
130.195.53.104 to 130.195.53.104
[22/Sep/2010:14:24:02 +1200] conn=50 SSL 256-bit AES
[22/Sep/2010:14:24:02 +1200] conn=50 op=0 BIND dn="cn=directory manager" 
method=128 version=3
[22/Sep/2010:14:24:02 +1200] conn=50 op=0 RESULT err=0 tag=97 nentries=0 etime=0 
dn="cn=directory manager"
[22/Sep/2010:14:24:02 +1200] conn=50 op=1 SRCH base="cn=config" scope=0 
filter="(objectClass=*)" attrs="nsslapd-instancedir nsslapd-errorlog nsslapd-certdir 
nsslapd-schemadir"
[22/Sep/2010:14:24:02 +1200] conn=50 op=1 RESULT err=0 tag=101 nentries=1 
etime=0
[22/Sep/2010:14:24:02 +1200] conn=50 op=2 SRCH base="cn=config,cn=ldbm 
database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" 
attrs="nsslapd-directory"
[22/Sep/2010:14:24:02 +1200] conn=50 op=2 RESULT err=0 tag=101 nentries=1 
etime=0
[22/Sep/2010:14:24:02 +1200] conn=50 op=3 SRCH base="cn=mapping tree,cn=config" scope=2 
filter="(|(objectClass=nsDSWindowsReplicationAgreement)(objectClass=nsds5ReplicationAgreement))"
 attrs=ALL
[22/Sep/2010:14:24:02 +1200] conn=50 op=3 RESULT err=0 tag=101 nentries=1 
etime=0
[22/Sep/2010:14:24:02 +1200] conn=50 op=4 SRCH base="cn=meTovuwwincodc00001.vuw.ac.nz636, 
cn=replica, cn=\22dc=vuw,dc=ac,dc=nz\22, cn=mapping tree, cn=config" scope=2 
filter="(objectClass=*)" attrs=ALL
[22/Sep/2010:14:24:02 +1200] conn=50 op=4 RESULT err=0 tag=101 nentries=1 
etime=0
[22/Sep/2010:14:24:02 +1200] conn=50 op=5 UNBIND
[22/Sep/2010:14:24:02 +1200] conn=50 op=5 fd=66 closed - U1
[22/Sep/2010:14:33:36 +1200] conn=51 fd=66 slot=66 SSL connection from 
130.195.53.104 to 130.195.53.104
[22/Sep/2010:14:33:36 +1200] conn=51 SSL 256-bit AES
[22/Sep/2010:14:33:36 +1200] conn=51 op=0 BIND dn="cn=directory manager" 
method=128 version=3
[22/Sep/2010:14:33:36 +1200] conn=51 op=0 RESULT err=0 tag=97 nentries=0 etime=0 
dn="cn=directory manager"
[22/Sep/2010:14:33:36 +1200] conn=51 op=1 SRCH base="cn=config" scope=0 
filter="(objectClass=*)" attrs="nsslapd-instancedir nsslapd-errorlog nsslapd-certdir 
nsslapd-schemadir"
[22/Sep/2010:14:33:36 +1200] conn=51 op=1 RESULT err=0 tag=101 nentries=1 
etime=0
[22/Sep/2010:14:33:36 +1200] conn=51 op=2 SRCH base="cn=config,cn=ldbm 
database,cn=plugins,cn=config" scope=0 filter="(objectClass=*)" 
attrs="nsslapd-directory"
[22/Sep/2010:14:33:36 +1200] conn=51 op=2 RESULT err=0 tag=101 nentries=1 
etime=0
The time corresponds to this from the errors log:
[22/Sep/2010:14:33:36 +1200] - slapd shutting down - signaling operation threads [22/Sep/2010:14:33:36 +1200] - slapd shutting down - closing down internal subsystems and plugins

But a SRCH operation should not trigger a shutdown.

Not sure what's going on here.

Can you reliably reproduce this behavior after restarting directory server?
Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand


-----Original Message-----
From: Rich Megginson [mailto:rmegg...@redhat.com] Sent: Wednesday, 22 September 2010 2:45 p.m.
To: Steven Jones
Cc: Freeipa-users@redhat.com
Subject: Re: [Freeipa-users] probems installin freeipa v2

Steven Jones wrote:
Hi,

Ok, it isnt crashing the LDAP server/service its doing a shutdown of it 
according to the error log...
What exactly do you see in the error log? Can you provide excerpts? Can you also provide excerpts of the access log from around the time of the shutdown?
So while a sync is happening the LDAP server is offline?
No, not possible.  Something is going wrong.
How long should this take?

30secs?

3mins?

30mins?

regards

Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand


-----Original Message-----
From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Steven Jones
Sent: Wednesday, 22 September 2010 2:27 p.m.
To: Freeipa-users@redhat.com
Subject: Re: [Freeipa-users] probems installin freeipa v2

For ipa-replica-manage list

The output is my AD

vuwwincodc00001.vuw.ac.nz


regards

Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand


-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com] Sent: Wednesday, 22 September 2010 2:20 p.m.
To: Steven Jones
Cc: Freeipa-users@redhat.com
Subject: Re: [Freeipa-users] probems installin freeipa v2

Steven Jones wrote:
Hi,

yes I think you are correct, --binpw is ndded except running this crashed the 
LDAP server....or sends it off to zombie land and I have to reboot it!


ipa-replica-manage add --winsync --binddn cn=administrator,cn=users,dc=example,dc=com 
--bindpw<domain admin password>  \
--cacert /path/to/certfile.cer adserver.example.com --passsync<domain admin 
password>     -v

Is there a log somewhere to look for why?
Crashed which LDAP server? Logs are in /var/log/dirsrv-YOUR_INSTANCE_NAME.

Can you provide the output of ipa-replica-manage?

rob

regards

Steven Jones Technical Specialist Linux/Vmware
Tele 64 4 463 6272
Victoria University
Kelburn
New Zealand


-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, 22 September 2010 1:57 p.m.
To: Steven Jones
Cc: Freeipa-users@redhat.com
Subject: Re: [Freeipa-users] probems installin freeipa v2

Steven Jones wrote:
This time I copied the output from the ldapsearch command

"dn: cn=ipa_pwd_extop,cn=plugins,cn=config"

and it worked...
Cosmic rays maybe, those strings look identical to me. Glad its working
now in any case.

?

So, section 4.4

ipa-replica-manage add --winsync --binddn 
cn=administrator,cn=users,dc=example,dc=com \
--bindpw password --cacert /path/to/certfile.cer adserver.example.com -v

This appears to be wrong?

It should be,

ipa-replica-manage add --winsync --binddn 
cn=administrator,cn=users,dc=example,dc=com \
--cacert /path/to/certfile.cer adserver.example.com --passsync<domain admin 
password>     -v

You're right in that --passsync is required but --bindpw should also be
required.

I filed https://bugzilla.redhat.com/show_bug.cgi?id=636377 for this.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to